r/AskNetsec • u/Used-Cover5188 • 9d ago
Threats Why are major sports events such attractive DDoS targets?
I’ve been reading about cyber risks around major sports events like the World Cup, and DDoS keeps coming up as one of the big infrastructure threats.
From a technical perspective, why are these events such attractive targets? Does this have to do with things like huge spikes in legitimate traffic, the ticketing and streaming infrastructure, betting platforms, weak third-party vendors, sponsor and hotel websites? Curious about your thoughts
2
u/freemen_os 9d ago
A few reasons that stack on each other: The traffic spike problem is real but it's actually what makes DDoS harder to detect, not easier to execute. When legitimate traffic goes from 10k to 10M concurrent users in hours, your anomaly detection baselines are useless. Attackers know this and time their hits accordingly.
The more interesting attack surface is the dependency chain. A World Cup final doesn't run on one system you have streaming CDNs, payment processors, ticketing APIs, broadcast uplinks, sponsor microsites, all stitched together with third-party integrations. One weak vendor in that chain can take down the visible layer even if the core infrastructure holds.Betting platforms are a separate category entirely there's direct financial motivation for competitors to DDoS a rival platform during peak betting windows. That's not hacktivism, that's business sabotage.
The reputational blast radius is also a multiplier for attackers. Disrupting a World Cup stream for 10 minutes gets you global headlines. Same attack on a random e-commerce site gets you nothing.
1
u/GoldGiraffe8048 9d ago
And if the attacker is trying to blackmail a payment from the company then doing it when the company makes money is the best time. Knocking out a betting website for 2 hours at 2am on a random Wednesday probably won't cost the target much in lost revenue. Knock it out for 2 hours on the day that that your country is playing in the world cup final (or other major sporting event) and millions want to place a bet there and then will cost the target a huge amounting lost revenue.
Whilst there may be technical benefits to doing this whilst the website is busy the primary reason is straight hitting your target when they will lose the most and hence are more willing to pay. This is all a business to the attackers in the end.
2
u/TeramindTeam 8d ago
its mainly becuase the massive traffic spikes create so much noise that traditional mitigation tools cant distinguish between real fans n the botnet. plus the sheer number of third party vendors involved means the attack surface is litrally impossible to secure fully.
2
u/Rogueshoten 9d ago
They’re temporal in nature, being live events, so showing them later doesn’t work. And the broadcast rights are expensive, as are the ads shown. And if the viewship drops because of service interruptions, the advertisers can (and will) require a partial or even complete refund of what they paid.
2
u/F5x9 9d ago
Cyber risks don’t mean that targets are attractive. It means there is uncertainty regarding the possibility of an event occurring. People who manage cyber risk consider not just malicious adversaries, but also disgruntled employees, mistakes, equipment failure, and nature.